package javacommon.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

import com.smg.community.model.CrmRight;
import com.smg.community.model.CrmUser;
import com.smg.community.setting.ProjectSetting;


public class LoginFilter extends OncePerRequestFilter implements Filter {
	public void destroy() {
		// TODO 自动生成方法存根

	}
//添加路径识别startthread
	@Override
	protected void doFilterInternal(HttpServletRequest request,HttpServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {
		request.setCharacterEncoding("utf-8");
		response.setCharacterEncoding("utf-8");
		String uri = request.getRequestURI();
		CrmUser crmUser = (CrmUser) request.getSession().getAttribute("SESSION_USER");
//		if (crmUser == null && !"/HtglPro/login.html".equals(uri)) {
//			System.out.println("用户未登录，返回登录页面！" + uri);
//			response.sendRedirect(request.getContextPath()+"/login.html");
//			return;
//		}
		if ( uri.equals("/")){
			if ( crmUser == null){
				response.sendRedirect(request.getContextPath() + "/crmuser/gotologin");
				return;
			}else{
				response.sendRedirect(request.getContextPath() + "/crmuser/login");
				return;
			}
		}
		if  (  uri.endsWith(".jpg")  || uri.endsWith(".css") || uri.endsWith(".js") || uri.endsWith(".png")  ) {
		}else {
			if( (crmUser == null && uri.indexOf("index.jsp") < 0 && uri.indexOf("/crmuser/gotologin") < 0 
					&& uri.indexOf("/crmuser/logout") < 0 && uri.indexOf("/crmuser/login") < 0 && uri.indexOf("/crmuser/ajax/login") < 0 
					&& uri.indexOf("/test.jsp") < 0 && uri.indexOf("/crmright/listmenu") < 0 && uri.indexOf("/mobile/") < 0
					&& uri.indexOf("/crmuser/pictureCheckCode") < 0 && uri.indexOf("/crmuser/checkCode") < 0 && uri.indexOf("startthread")<0 )
					 ){
				response.sendRedirect(request.getContextPath() + "/crmuser/gotologin");
				return;
			}else if(null != crmUser && ("crmuser123456".equals(crmUser.getUserPass()) || "123456".equals(crmUser.getUserPass())  ) && uri.indexOf("/crmuser/userinfo") < 0){
				List<CrmRight> rightList = (List<CrmRight>) request.getSession().getAttribute(ProjectSetting.SESSION_USER_RIGHT);
				if(null != rightList){
					for(CrmRight right : rightList){
						if(null != right.getUrl() && !"".equals(right.getUrl()) && uri.indexOf(right.getUrl()) > 0){
							response.sendRedirect(request.getContextPath() + "/crmuser/userinfo");
							return;
						}
					}
				}
			}
		}
		filterChain.doFilter(request, response);
	}
	/**屏蔽<>脚本
	 * */
	public void checkScript(ServletRequest request){
		Enumeration enu = request.getParameterNames();
		Map pMap = request.getParameterMap();
        while (enu.hasMoreElements()) {
            Object paraName = enu.nextElement();
            String[] value =(String[]) pMap.get(paraName);
            if(value.length ==0) {
                continue;
            }
            for(int i=0;i<value.length;i++){
            	//如需替换别的字符，可自行添加
            	value[i] = value[i].replaceAll("<","&lt;");
            	value[i] = value[i].replaceAll(">","&gt;");
            	value[i] = value[i].replaceAll("'","&acute;");
            }
        }
	}
	public static void main(String[] args) throws UnsupportedEncodingException{
		System.out.println("asdf".indexOf(""));
		System.out.println (URLDecoder.decode("%2F","GBK"));
		System.out.println (URLDecoder.decode("%2F","UTF-8"));
	}
}
